CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More
Get access to immediate incident response assistance.
SSO uses Active Directory server event security logs to handle security events. For all Active Directory servers that provide SSO information, you must enable and configure the Security Event Log.
Each AC Portal requires an account that has access to the security log. While you can use an administrator-level account, you may prefer to create an observer account, which has fewer privileges. You can configure an observer account for the domain policy or the local (domain controller) policy. Trustwave recommends configuring the account for the root level domain policy so that the account will be replicated across all domain controllers in the AD forest.
To create an observer account for the domain policy, follow these steps:
To contact Trustwave about this article or to request support:
This is a bot-free zone. Please check the box to let us know you're human.
Download Now
Read complimentary reports and insightful stories in the Trustwave Resource Center
One of our sales specialists will be in touch shortly.